jammsen / docker-palworld-dedicated-server

Docker container to easily provision and manage Palworld Dedicated Server
https://hub.docker.com/r/jammsen/palworld-dedicated-server
MIT License

Permissions issues all a sudden #203

Closed MiX74P3 closed 4 months ago

MiX74P3 commented 4 months ago

Have you read the Important information text above

Current behavior

This is not really a bug, but somehow I'm having this issue all of a sudden.

    ~/docker-palworld-dedicated-server$ docker-compose up -d && docker-compose logs -f
    [+] Running 1/0
     ⠿ Container palworld-dedicated-server Started 0.0s
    palworld-dedicated-server | > Current steam user PUID is '1000' and PGID is '1000'
    palworld-dedicated-server | > PUID and PGID matching what is requested for user steam
    palworld-dedicated-server | chown: changing ownership of '/home/steam/steamcmd/rcon.yaml': Operation not permitted
    palworld-dedicated-server | > Current steam user PUID is '1000' and PGID is '1000'
    palworld-dedicated-server | > PUID and PGID matching what is requested for user steam
    palworld-dedicated-server | chown: changing ownership of '/home/steam/steamcmd/rcon.yaml': Operation not permitted
    palworld-dedicated-server | > Current steam user PUID is '1000' and PGID is '1000'
    palworld-dedicated-server | > PUID and PGID matching what is requested for user steam
    palworld-dedicated-server | chown: changing ownership of '/home/steam/steamcmd/rcon.yaml': Operation not permitted

I don't see a rcon.yaml file in that directory.

    ~$ ls /home/mix74p3/.steam/steamcmd
    linux32  package  siteserverui
    linux64  public   steamcmd.sh

Not sure if something was deleted. Any way to correct this?

Desired behavior

Just trying to get server error corrected

Links to screenshots

No response

To Reproduce

Steps to reproduce the behavior:

  1. Go to 'docker-palworld-dedicated-server$ docker-compose up -d && docker-compose logs -f'
  2. Click on 'enter'
  3. Scroll down to 'Container palworld-dedicated-server Started 0.0s palworld-dedicated-server | > Current steam user PUID is '1000' and PGID is '1000' palworld-dedicated-server | > PUID and PGID matching what is requested for user steam palworld-dedicated-server | chown: changing ownership of '/home/steam/steamcmd/rcon.yaml': Operation not permitted'
  4. See error

Software setup

Hardware setup

Additional context

No response

StaleLoafOfBread commented 4 months ago

I ran into the same issue but I use Portainer and not docker-compose. However with help from the discord the solution for me was:

  1. Change the user in Portainer to root:root

Then I got error

    > PUID and PGID matching what is requested for user steam
    > id steam: uid=1000(steam) gid=1000(steam) groups=1000(steam)
    error: exec: "/servermanager.sh": stat /servermanager.sh: no such file or directory

So next I had to update the command to '/scripts/servermanager.sh' as it is in the docker file https://github.com/jammsen/docker-palworld-dedicated-server/blob/b62412a00ac37842b43a8e8f0cfe03d7f5d7dbcc/Dockerfile#L175

After that (and verifying I'm on the latest version of the container) everything worked!

jammsen commented 4 months ago

Hey @MiX74P3 - Please try a new directory and go through the same Getting started guide in the readme again and see if that works out.

So new fresh dir, fresh docker-compose.yml and fresh default.env.

If that works, work from there backwards.

khift363 commented 4 months ago

Thirding this issue. Cannot get it resolved. Switching to a fresh directory had no effect.

Ise-Kaey commented 4 months ago

Same error. Tried different UID, GID and groups (steam, 1000, ftp user) and tried changing the owner manually via ssh. Nothing has worked :x

OS: Ubuntu 22.04.3 LTS with Plesk Obsidian 18.0.58 Update #2
Docker: 1.8.7 (7 February 2024) - Kernel 5.15.0-92-generic - Version 25.0.3
vCPU: 8 x AMD EPYC-Milan Processor
RAM: 32 GB
Disc: 1 TB NVMe

jammsen commented 4 months ago

@khift363 @Ise-Kaey feel free to come by in Discord and jump in a call with me and screenshare me that please, need more context.

I have tested this on many setups, systems and different user-setups and it worked great, before we put out the huge refactoring patch.

ladudu commented 4 months ago

I am using Synology DSM7.0. Today, after updating the Docker image to the latest version (as of 2024/02/16), I encountered an issue where the container fails to start. The previous version, downloaded on 2024/02/11, was working without any problems.

[image]

jammsen commented 4 months ago

> I am using Synology DSM7.0. Today, after updating the Docker image to the latest version (as of 2024/02/16), I encountered an issue where the container fails to start. The previous version, downloaded on 2024/02/11, was working without any problems.
>
> [image]

Try everything new with a fresh install and see if that works.

khift363 commented 4 months ago

The issue appears to be that the container is now required to run as root, whereas previously it was able to run rootlessly. Running a container rootless is a much more secure approach as there have been a number of exploits used in the wild that allowed attackers to escape containerization and attack the main system and if the container was running under root then it's over for you, they have everything.

Palworld is a very new game with a lot of bugs in it and multiplayer was obviously not a focus of the devs -- it would not surprise me at all if there's an undiscovered attack vector in the game somewhere, and in the event of that happening I want as much distance between me and this container as possible, so running the container rootless is a hard requirement for me. Until that's possible, I've downgraded my container image and everything is working again.

Have you successfully tested this container in rootless mode? I know default vanilla Docker runs everything as root, but there are ways to run Docker rootlessly, and other tools like Portainer and Podman make it even easier to do so.

Ise-Kaey commented 4 months ago

What I can imagine is the following: The February update brought some changes to Docker in terms of security. Among other things, port sharing is no longer just public, as before, but now has the option of private and public. Private is selected as default. Perhaps in this context Docker's root was also set to unroot by default.

[image: Bild_2024-02-16_163412743]

jammsen commented 4 months ago

Hey @khift363 @Ise-Kaey

> The issue appears to be that the container is now required to run as root, whereas previously it was able to run rootlessly.

This 10 days ago, see here: https://github.com/jammsen/docker-palworld-dedicated-server/commit/9a1e5a5f617c7e92458908e538d871a2b99d434f#diff-dd2c0eb6ea5cfc6c4bd4eac30934e2d5746747af48fef6da689e85b752f39557

> Running a container rootless is a much more secure approach as there have been a number of exploits used in the wild that allowed attackers to escape containerization and attack the main system and if the container was running under root then it's over for you, they have everything.

Yeah, I think you're talking about "Using Docker on the OS" when you say "container rootless"; that has nothing to do with the image I provide though. Docker Rootful and Docker Rootless is a WAY OLD topic and it's down to the user to decide what they want to use. My security standards have only increased and not lowered; I don't use USER steam in the Dockerfile anymore and jail the process for the steam user later to only use that. So it's even more secure than before. We also did that to get rid of MANY QNAP/Synology and other China NASes' problems with Directories and Volume-Mounts.

> Palworld is a very new game with a lot of bugs in it and multiplayer was obviously not a focus of the devs

That's an opinion, where are your FACTS? If you don't have any, please refrain from dumping on devs or people who aren't here and can't defend themselves ....

> -- it would not surprise me at all if there's an undiscovered attack vector in the game somewhere, and in the event of that happening I want as much distance between me and this container as possible ...

That's just SCARE-Talk with no proof whatsoever ...

> ... so running the container rootless is a hard requirement for me.

Again this has nothing to do with the Image ... it's how you install and run Docker, are you trying to scare people off or spread misinformation?

> Until that's possible, I've downgraded my container image and everything is working again.

You can do that a long time .... 19.03 Experimental and 20.10 as native stable ....

> ..... I know default vanilla Docker runs everything as root, but there are ways to run Docker rootlessly ...

Again depends on the system and the user ....

@khift363 - I offered you 6 hours ago to look over your problem in Discord via voice-chat call with screenshare and you don't even comment on that, but now feel like you mix up "How to run Docker" vs "How to write a Dockerfile" vs "What permissions should a Docker-Image provide", these are 3 separate topics ... I offered to you to find facts ... what you wrote sounds a lot like opinions and no facts. Again I'm here to help, but please validate what you are saying/writing is actually true and right.

> What I can imagine is the following: The February update brought some changes to Docker in terms of security. Among other things, port sharing is no longer just public, as before, but now has the option of private and public. Private is selected as default. Perhaps in this context Docker's root was also set to unroot by default.
>
> [image: Bild_2024-02-16_163412743]

@Ise-Kaey Do you mean the multiple February updates of this image or the multiple updates of Docker and Docker-Compose?
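
An added example, not the project's servermanager.sh and not code posted by anyone in this thread: a sketch of entrypoint logic for the disagreement above, where a container started as a non-root user loops on `chown: ... Operation not permitted` while the image expects to start as root and switch to the steam user afterwards. `PUID`/`PGID` are taken from the log output; the function names and the "refuse" case are assumptions.

```shell
#!/bin/sh
# Added illustration only; not the project's servermanager.sh.
# PUID/PGID come from the log lines in this thread; every function name
# and the "refuse" outcome are assumptions made for the example.

# plan_startup CURRENT_UID PUID
# Prints how an entrypoint can proceed for the UID it was started with.
plan_startup() {
    if [ "$1" -eq 0 ]; then
        echo drop-privileges   # root: may chown, must then switch to PUID
    elif [ "$1" -eq "$2" ]; then
        echo run-direct        # already the target user: chown is unnecessary
    else
        echo refuse            # neither root nor PUID: chown would hit EPERM
    fi
}

# files_not_owned_by DIR PUID
# Lists paths under DIR whose owner is not PUID (find accepts a numeric UID).
files_not_owned_by() {
    find "$1" ! -user "$2" -print 2>/dev/null
}

# prepare_volume DIR PUID PGID
# Returns 0 when DIR is usable by PUID, non-zero with a clear message
# otherwise, instead of looping on "chown: Operation not permitted".
prepare_volume() {
    dir=$1 puid=$2 pgid=$3
    case $(plan_startup "$(id -u)" "$puid") in
        drop-privileges)
            # Only root can give files away; the caller then execs the
            # server as PUID:PGID (for example with gosu or su-exec).
            chown -R "$puid:$pgid" "$dir" ;;
        run-direct)
            # Non-root cannot chown foreign files: verify, do not change.
            bad=$(files_not_owned_by "$dir" "$puid")
            [ -z "$bad" ] && return 0
            echo "not owned by uid $puid, fix on the host: $bad" >&2
            return 1 ;;
        refuse)
            echo "started as uid $(id -u); expected 0 or PUID $puid" >&2
            return 2 ;;
    esac
}
```

Started as root, the ownership fix happens before privileges are dropped; started as the target user, the script only verifies ownership and reports what has to be fixed on the host.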

Ise-Kaey commented 4 months ago

I mean the last update from Docker and Docker-Compose.

U've installed docker over Plesk. This has automatic root, but after the last Docker Update, there are many new Security Settings. I will check later if the last update has changed Docker to unroot (at next restart of the servers), @jammsen

jammsen commented 4 months ago

@Ise-Kaey

> I mean the last update from Docker and Docker-Compose.

Ah okay gotcha

> U've installed docker over Plesk.....

No I don't, I don't use Plex anymore, do you mean "I have"?

Ise-Kaey commented 4 months ago

I've tried some steps now:

  1. Grant docker over ssh root - no effect
  2. change puid and guid - can't look etc/group
  3. create a steam acc over ssh - no effect
  4. grant ftp user ssh access - no effect
  5. create a new server instance - see picture

[image: Bild_2024-02-17_103310093]

jammsen commented 4 months ago

That log looks good, change passwords ... it literally says that there.

Also @Ise-Kaey if you have an issue create your own issue to ask for help.

This got way off-topic from what @MiX74P3 posted, that's why I'm closing this now. If @MiX74P3 still needs support, feel free to reach out to me.